From a91953204def624a264defaca264f87fbc0a28a7 Mon Sep 17 00:00:00 2001
From: Ted Trask
Date: Tue, 7 Oct 2008 17:31:24 +0000
Subject: Modified modelfunctions library to include validation in get/setfiledetails. Modified all uses to validate the file name - this was a major security hole.

git-svn-id: svn://svn.alpinelinux.org/acf/dansguardian/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 dansguardian-model.lua | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/dansguardian-model.lua b/dansguardian-model.lua
index 66bd6a7..d54a87a 100644
--- a/dansguardian-model.lua
+++ b/dansguardian-model.lua
@@ -136,27 +136,11 @@ update_general_config = function( config )
 end
 
 get_file = function(filename)
- local retval
- if is_valid_filename(filename) then
- retval = modelfunctions.getfiledetails(filename)
- else
- retval = modelfunctions.getfiledetails("")
- retval.value.filename.value = filename
- end
-
- return retval
+ return modelfunctions.getfiledetails(filename, is_valid_filename)
 end
 
 update_file = function(filedetails)
- local retval
- if is_valid_filename(filedetails.value.filename.value) then
- retval = modelfunctions.setfiledetails(filedetails)
- else
- retval.value.filename.errtxt = "Invalid filename"
- retval.errtxt = "Failed to save file"
- end
-
- return retval
+ return modelfunctions.setfiledetails(filedetails, is_valid_filename)
 end
 
 list_files = function()
--
cgit v1.2.3
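Review bot: In `get_file` and `update_file` the filename check now runs only if `modelfunctions.getfiledetails` / `setfiledetails` actually call their second argument, and Lua silently discards extra arguments, so against a modelfunctions build that predates the validator parameter both calls would presumably read or write whatever path the caller supplies without raising any error. The library is not part of this diff, so this is inferred from the call sites alone; it would help to record the dependency next to the calls, e.g. `-- filename is checked inside modelfunctions via the is_valid_filename callback; requires the library version that accepts a validator`, and to have the package require that library version. It is also worth confirming that `is_valid_filename`, which is defined outside this hunk, matches against the fixed set of DansGuardian files rather than a loose pattern, since it is now the only gate on the path.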